I am building a custom Blog using Spring MVC. This will have an administration module, where the Blog owner can manage articles.
The owner should be able to add HTML tags, which should then later on be displayed on the articles when a user looks at them. I.e. the owner should be able to build up the article by inputting something like:
<p>This is displayed as a paragraph <b>and this in bold</b></p>
Which should then be later on be placed as "real" html code in the article placed by Thymeleaf.
So basically, I want to be able to display actual HTML tags using thymeleaf.
What are things I should take into consideration and does Spring MVC already offer something to mitigate any security implications (for example, against XSS in case my owner's account is hijacked)?
via Chebli Mohamed
Aucun commentaire:
Enregistrer un commentaire